From dfa554dd6e9b42d3a1a2c9d016a7bdfe6b6aa176 Mon Sep 17 00:00:00 2001
From: Samael Wang
Date: Fri, 10 Jan 2020 16:34:07 +0000
Subject: [PATCH] Bug 836567 - Part 1: Set ResultPrincipalURI to active document's URI before evaluating a javascript: URL. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D59464
--HG--
extra : moz-landing-system : lando
---
 dom/jsurl/nsJSProtocolHandler.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp
index 37f126c7236e..a203cf40aea5 100644
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@@ -155,12 +155,28 @@ nsresult nsJSThunk::EvaluateScript(
 }
 NS_ENSURE_ARG_POINTER(aChannel);
+ MOZ_ASSERT(aOriginalInnerWindow,
+ "We should not have gotten here if this was null!");
+
+ // Set the channel's resultPrincipalURI to the active document's URI. This
+ // corresponds to treating that URI as the URI of our channel's response. In
+ // the spec we're supposed to use the URL of the active document, but since
+ // we bail out of here if the inner window has changed, and GetDocumentURI()
+ // on the inner window returns the URL of the active document if the inner
+ // window is current, this is equivalent to the spec behavior.
+ nsCOMPtr docURI = aOriginalInnerWindow->GetDocumentURI();
+ if (!docURI) {
+ // We're not going to be able to have a sane URL, so just don't run the
+ // script at all.
+ return NS_ERROR_DOM_RETVAL_UNDEFINED;
+ }
+ nsCOMPtr loadInfo = aChannel->LoadInfo();
+ loadInfo->SetResultPrincipalURI(docURI);
 // Get principal of code for execution
 nsCOMPtr owner;
 aChannel->GetOwner(getter_AddRefs(owner));
 nsCOMPtr principal = do_QueryInterface(owner);
- nsCOMPtr loadInfo = aChannel->LoadInfo();
 if (!principal) {
 if (loadInfo->GetForceInheritPrincipal()) {
 principal = loadInfo->FindPrincipalToInherit(aChannel);
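Review bot: `loadInfo->SetResultPrincipalURI(docURI)` mutates the channel's load info before the principal lookup just below it and before the inner-window-changed bail-out that the new comment relies on for spec equivalence. That bail-out is not in this hunk, so if it sits later in EvaluateScript, an early return leaves the channel carrying the URI of a document that may no longer be the active one. Since ResultPrincipalURI presumably feeds into the origin attributed to the result, the mutation would be safer after the checks that can still reject the load, or the comment should say why a stale value is harmless on the failure paths. Separately, `MOZ_ASSERT(aOriginalInnerWindow, ...)` is compiled out of release builds, so `aOriginalInnerWindow->GetDocumentURI()` depends entirely on callers; `if (NS_WARN_IF(!aOriginalInnerWindow)) return NS_ERROR_DOM_RETVAL_UNDEFINED;` would give the same no-run outcome as the `!docURI` branch. EvaluateScript starts and ends outside the hunk.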